> You get to choose whether to push your data to Apple and trigger the scanning with their solution too.
That's purely an implementation detail, and subject to change at any time. That's why people are upset.
One solution is limited to you actually pushing your data off your private device, the other is limited to a list of items you say you want to push off your device, but actually happens on your device.
That's the difference between someone searching a large warehouse where you and many others have stored belongings, and someone coming into your house and searching through your items freely as long as they're on the list.
Beyond the difference in privacy that search entails fundamentally, people are very worried that the list itself is limited only by policy, and truly, the search of items on that list has full access to your private details but for the grace of those performing the search and controlling the list.
The key escrow option is strictly worse than the current implementation, but it is also naturally constrained and the exposure is entirely user controlled. If you do not put data online in that situation, there is no way for them to process it without first exfiltrating it, which we already have laws and systems in place to hamper.
> That's purely an implementation detail, and subject to change at any time.
That’s an evergreen complaint. If they want to introduce a general purpose scanning mechanism they can do so at any time. This is not that.
> That's why people are upset.
I don’t think so. I think they are upset because they don’t like the fact that Apple has any power over them and this reminds them of that even though it is not in fact an abuse.
I actually agree with this, but I don’t think that claiming Apple’s implementation to be something it is not is helpful.
The key escrow solution is strictly worse in any future. If key escrow becomes established as a norm between cloud providers and law enforcement, then no free alternative will ever be possible.
> The key escrow solution is strictly worse in any future. If key escrow becomes established as a norm between cloud providers and law enforcement, then no free alternative will ever be possible.
I don't think that's true. Systems or programs to encrypt locally before pushing up to a shared platform are possible and currently in use. Those that want that additional security have recourse to get it. Alternatively, people could run their own cloud sync instances (also already available in some forms). This puts the control in the users' hands (don't sync to cloud, pre-encrypt to shared cloud, or do some personal sync thing), while also setting a clear precedent of what is acceptable on users' personal devices.
The problem here is that this implementation really has nothing to do with cloud sync. Apple has currently linked it to whether you're pushing that data to iCloud, but that's an arbitrary distinction. In the world without iCloud, they could make it scan any media that was sent across the network. The iCloud distinction is entirely arbitrary, which is why people are not satisfied with it. There is nothing beyond promises to keep it that way, and promises are less binding than laws and national security letters.
> The problem here is that this implementation really has nothing to do with cloud sync.
It is built into the photo uploading mechanism and only scans photos in a very narrow way that can’t be twisted into generic scanning.
> they could make it scan any media that was sent across the network.
Definitely false. It cannot match anything except photos in this very narrow way.
> There is nothing beyond promises to keep it that way,
Not true. The mechanism cannot be used as a general purpose media scanner.
What is true is that Apple could add a general purpose scanner in future, but it wouldn’t leverage this mechanism, and their potential to add arbitrary spyware has always been there and is not changed by this.
You get to choose whether to push your data to Apple and trigger the scanning with their solution too.
The key escrow option is strictly worse.